anonymsean / oauth

Automatically exported from code.google.com/p/oauth
0 stars 0 forks source link

python to_header doesn't support google's extra oauth parameter scope, could impact other providers #151

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
    def to_header(self, realm=''):
        """Serialize as a header for an HTTPAuth request."""
        auth_header = 'OAuth realm="%s"' % realm
        # Add the oauth parameters.
        if self.parameters:
            for k, v in self.parameters.iteritems():
                if k[:6] == 'oauth_' or k == "scope":
                    auth_header += ', %s="%s"' % (k, escape(str(v)))
        return {'Authorization': auth_header}

Should be

    def to_header(self, realm=''):
        """Serialize as a header for an HTTPAuth request."""
        auth_header = 'OAuth realm="%s"' % realm
        # Add the oauth parameters.
        if self.parameters:
            for k, v in self.parameters.iteritems():
                auth_header += ', %s="%s"' % (k, escape(str(v)))
        return {'Authorization': auth_header}

Otherwise if the provider uses special parameters that don't begin with 
oauth_ they will never be sent. Found this trying to auth against youtube, 
which requires the Google "scope" parameter.

Original issue reported on code.google.com by bowman.j...@gmail.com on 21 Mar 2010 at 7:50

GoogleCodeExporter commented 8 years ago

Original comment by morten.f...@gmail.com on 22 Mar 2010 at 12:03